update TODO

diff --git a/TODO b/TODO
index 33afe3978385e688946517e1a832fdc1e0341490..0ce9a1fd30d76431e656a28fb1dce667838c724f 100644 (file)
--- a/TODO
+++ b/TODO
@@ -33,7 +33,13 @@ Janitorial Clean-ups:
 
 Features:
 
-* RemoveIPC= in unit files for removing POSIX/SysV IPC objects
+* introduce an "invocation ID" for units, that is randomly generated, and
+  identifies each runtime-cycle of a unit. It should be set freshly each time
+  we traverse inactive → activating/active, and should be the primary key to
+  map offline data (stored in the journal) with online bus objects. Let's pass
+  this as $SYSTEMD_INVOCATION_ID to services, as well as set this as xattr on
+  the cgroup of a services. The former is accessible without privileges, the
+  latter ensures the ID cannot be faked.
 
 * Introduce ProtectSystem=strict for making the entire OS hierarchy read-only
   except for a select few
@@ -58,6 +64,8 @@ Features:
 
 * ProtectControlGroups= which mounts all of /sys/fs/cgroup read-only
 
+* ProtectKernelTunables= which mounts /sys and /proc/sys read-only
+
 * RemoveKeyRing= to remove all keyring entries of the specified user
 
 * Add DataDirectory=, CacheDirectory= and LogDirectory= to match
@@ -76,6 +84,9 @@ Features:
 
 * journalctl: make sure -f ends when the container indicated by -M terminates
 
+* mount: automatically search for "main" partition of an image has multiple
+  partitions
+
 * expose the "privileged" flag of ExecCommand on the bus, and open it up to
   transient units
 
@@ -86,6 +97,12 @@ Features:
 
 * allow attaching additional journald log fields to cgroups
 
+* add bus API for creating unit files in /etc, reusing the code for transient units
+
+* add bus API to remove unit files from /etc
+
+* add bus API to retrieve current unit file contents (i.e. implement "systemctl cat" on the bus only)
+
 * rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the
   kernel doesn't support linkat() that replaces existing files, currently)
 
@@ -112,8 +129,6 @@ Features:
 
 * add systemctl stop --job-mode=triggering that follows TRIGGERED_BY deps and adds them to the same transaction
 
-* Maybe add a way how users can "pin" units into memory, so that they are not subject to automatic GC?
-
 * PID1: find a way how we can reload unit file configuration for
   specific units only, without reloading the whole of systemd